1.3 Auth & Teams

A single Concourse installation can accomodate many projects and users.

Pipelines, builds, and all other user data are owned by teams. A team is just a conceptual owner and a separate namespace, tied to an authorization config. For example, a team may authorize all members of the concourse GitHub organization to be a member.

When a user authenticates, each team's authorization config is checked against the user to determine which role, if any, to grant for the team. This information is then stored in the user's token to determine access control for future requests.

Table of contents:

1.3.1 The main team
1.3.2 Configuring Auth
1. 1.3.2.1 Local User auth
2. 1.3.2.2 GitHub auth
3. 1.3.2.3 GitLab auth
4. 1.3.2.4 BitBucket Cloud auth
5. 1.3.2.5 CF/UAA auth
6. 1.3.2.6 LDAP auth
7. 1.3.2.7 Microsoft auth
8. 1.3.2.8 Generic OIDC auth
9. 1.3.2.9 Generic oAuth
10. 1.3.2.10 Generic SAML auth
1.3.3 Managing Teams
1. 1.3.3.1 fly set-team
  1. 1.3.3.1.1 Setting User Roles
2. 1.3.3.2 fly active-users
3. 1.3.3.3 fly teams
4. 1.3.3.4 fly get-team
5. 1.3.3.5 fly rename-team
6. 1.3.3.6 fly destroy-team
1.3.4 User Roles & Permissions
1. 1.3.4.1 Concourse Admin
2. 1.3.4.2 owner role
3. 1.3.4.3 member role
4. 1.3.4.4 pipeline-operator role
5. 1.3.4.5 viewer role
6. 1.3.4.6 Action Matrix
7. 1.3.4.7 Configuring RBAC
1.3.5 Pipeline & Build Visibility
1.3.6 Security Caveats

1.1	Getting Started
1.2	Install
1.3	Auth & Teams
1.4	The `fly` CLI
1.5	Config Basics
1.6	Pipelines
1.7	Vars
1.8	Resources
1.9	Resource Types
1.10	Jobs
1.11	Steps
1.12	Tasks
1.13	Builds
1.14	How-To Guides
1.15	Operation
1.16	Observation
1.17	Internals